This is a report that should contain complex information about the web application. It should be revisited by a team member. This scan is meant to be run periodically and is meant to be the longest of all the scans.

Generated on Mon, 29 Jan 2024 13:11:33

ZAP Version: 2.14.0

Summary of Alerts

Risk Level Number of Alerts
High 2
Medium 5
Low 4

Passing Rules

Name Rule Type Threshold Strength
Directory Browsing Active LOW HIGH
CRLF Injection Active LOW HIGH
Path Traversal Active LOW HIGH
Remote File Inclusion Active LOW HIGH
Parameter Tampering Active LOW HIGH
Server Side Include Active LOW HIGH
GET for POST Active LOW HIGH
Cross Site Scripting (Reflected) Active LOW HIGH
Cross Site Scripting (Persistent) Active LOW HIGH
Script Active Scan Rules Active LOW HIGH
Cross Site Scripting (Persistent) - Prime Active LOW HIGH
Cross Site Scripting (Persistent) - Spider Active LOW HIGH
SQL Injection - MySQL Active LOW HIGH
SQL Injection - Hypersonic SQL Active LOW HIGH
SQL Injection - Oracle Active LOW HIGH
SQL Injection - PostgreSQL Active LOW HIGH
SQL Injection - SQLite Active LOW HIGH
Cross Site Scripting (DOM Based) Active LOW HIGH
SQL Injection - MsSQL Active LOW HIGH
Trace.axd Information Leak Active LOW HIGH
XSLT Injection Active LOW HIGH
.htaccess Information Leak Active LOW HIGH
.env Information Leak Active LOW HIGH
Server Side Code Injection Active LOW HIGH
Hidden File Finder Active LOW HIGH
XPath Injection Active LOW HIGH
Remote OS Command Injection Active LOW HIGH
XML External Entity Attack Active LOW HIGH
Generic Padding Oracle Active LOW HIGH
Spring Actuator Information Leak Active LOW HIGH
SOAP Action Spoofing Active LOW HIGH
Log4Shell Active LOW HIGH
SOAP XML Injection Active LOW HIGH
Spring4Shell Active LOW HIGH
Heartbleed OpenSSL Vulnerability Active LOW HIGH
Buffer Overflow Active LOW HIGH
Source Code Disclosure - CVE-2012-1823 Active LOW HIGH
Format String Error Active LOW HIGH
Server Side Template Injection Active LOW HIGH
Remote Code Execution - CVE-2012-1823 Active LOW HIGH
External Redirect Active LOW HIGH
Server Side Template Injection (Blind) Active LOW HIGH
User Agent Fuzzer Active LOW HIGH
Source Code Disclosure - /WEB-INF folder Active LOW HIGH
Session Management Response Identified Passive MEDIUM -
Verification Request Identified Passive MEDIUM -
Insecure JSF ViewState Passive MEDIUM -
Vulnerable JS Library (Powered by Retire.js) Passive MEDIUM -
Charset Mismatch Passive MEDIUM -
Cookie No HttpOnly Flag Passive MEDIUM -
Cookie Without Secure Flag Passive MEDIUM -
Re-examine Cache-control Directives Passive MEDIUM -
Content-Type Header Missing Passive MEDIUM -
Application Error Disclosure Passive MEDIUM -
Information Disclosure - Debug Error Messages Passive MEDIUM -
Information Disclosure - Sensitive Information in URL Passive MEDIUM -
Information Disclosure - Sensitive Information in HTTP Referrer Header Passive MEDIUM -
Information Disclosure - Suspicious Comments Passive MEDIUM -
Open Redirect Passive MEDIUM -
Cookie Poisoning Passive MEDIUM -
User Controllable Charset Passive MEDIUM -
User Controllable HTML Element Attribute (Potential XSS) Passive MEDIUM -
WSDL File Detection Passive MEDIUM -
Loosely Scoped Cookie Passive MEDIUM -
Viewstate Passive MEDIUM -
Directory Browsing Passive MEDIUM -
Heartbleed OpenSSL Vulnerability (Indicative) Passive MEDIUM -
Strict-Transport-Security Header Passive MEDIUM -
HTTP Server Response Header Passive MEDIUM -
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Passive MEDIUM -
X-Backend-Server Header Information Leak Passive MEDIUM -
Secure Pages Include Mixed Content Passive MEDIUM -
HTTP to HTTPS Insecure Transition in Form Post Passive MEDIUM -
HTTPS to HTTP Insecure Transition in Form Post Passive MEDIUM -
User Controllable JavaScript Event (XSS) Passive MEDIUM -
Big Redirect Detected (Potential Sensitive Information Leak) Passive MEDIUM -
Retrieved from Cache Passive MEDIUM -
X-ChromeLogger-Data (XCOLD) Header Information Leak Passive MEDIUM -
Cookie without SameSite Attribute Passive MEDIUM -
CSP Passive MEDIUM -
X-Debug-Token Information Leak Passive MEDIUM -
Username Hash Found Passive MEDIUM -
X-AspNet-Version Response Header Passive MEDIUM -
PII Disclosure Passive MEDIUM -
Script Passive Scan Rules Passive MEDIUM -
Stats Passive Scan Rule Passive MEDIUM -
Absence of Anti-CSRF Tokens Passive MEDIUM -
Hash Disclosure Passive MEDIUM -
Weak Authentication Method Passive MEDIUM -
Reverse Tabnabbing Passive MEDIUM -
Modern Web Application Passive MEDIUM -
Authentication Request Identified Passive MEDIUM -

Sites

http://cdnjs.cloudflare.com

HTTP Response Code Number of Responses

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

http://npm:3000

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values
cookieconsent_status Cookie 634 1
language Cookie 1086 1
welcomebanner_status Cookie 479 1
EIO URL 176 1
name URL 68 1
q URL 34 1
sid URL 142 34
t URL 142 142
transport URL 176 2
Accept-Ranges Header 712 1
Access-Control-Allow-Origin Header 1131 1
Cache-Control Header 712 1
Connection Header 1307 2
Content-Length Header 499 36
Content-Type Header 499 12
Date Header 1273 61
ETag Header 1130 30
Feature-Policy Header 1131 1
Keep-Alive Header 1273 1
Last-Modified Header 712 3
Sec-WebSocket-Accept Header 34 34
Upgrade Header 34 1
Vary Header 243 1
X-Content-Type-Options Header 1131 1
X-Frame-Options Header 1131 1
X-Recruiting Header 1131 1

http://NPM:3000

HTTP Response Code Number of Responses
200 OK 329
400 Bad Request 2

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values
Accept-Ranges Header 5 1
Access-Control-Allow-Origin Header 5 1
Cache-Control Header 5 1
Connection Header 5 1
Content-Length Header 5 1
Content-Type Header 5 1
Date Header 5 1
ETag Header 5 1
Feature-Policy Header 5 1
Keep-Alive Header 5 1
Last-Modified Header 5 1
Vary Header 5 1
X-Content-Type-Options Header 5 1
X-Frame-Options Header 5 1
X-Recruiting Header 5 1

Alert Detail

High
Cloud Metadata Potentially Exposed
Description
The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure.

All of these providers provide metadata via an internal unroutable IP address '169.254.169.254' - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field.
URL http://NPM:3000/latest/meta-data/
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/latest/meta-data/?EIO=4&transport=polling&t=OrLJf41&sid=UxwKA1bgOMG5lWJPAABA
Method POST
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 449 bytes.
Request Body - size: 2 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
Instances 2
Solution
Do not trust any user data in NGINX configs. In this case it is probably the use of the $host variable which is set from the 'Host' header and can be controlled by an attacker.
Reference https://www.nginx.com/blog/trust-no-one-perils-of-trusting-user-input/
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id
WASC Id
Plugin Id 90034
High
SQL Injection - SQLite
Description
SQL injection may be possible.
URL http://npm:3000/rest/products/search?q=%27%28
Method GET
Parameter q
Attack '(
Evidence SQLITE_ERROR
Request Header - size: 289 bytes.
Request Body - size: 0 bytes.
Response Header - size: 362 bytes.
Response Body - size: 309 bytes.
URL http://npm:3000/api/Challenges/?name=Score%20Board
Method GET
Parameter name
Attack " | case randomblob(1000000000) when not null then "" else "" end | "
Evidence The query time is controllable using parameter value [" | case randomblob(1000000000) when not null then "" else "" end | "], which caused the request to take [101] milliseconds, parameter value [" | case randomblob(1000000000) when not null then "" else "" end | "], which caused the request to take [101] milliseconds, when the original unmodified query with value [Score Board] took [55] milliseconds.
Request Header - size: 451 bytes.
Request Body - size: 0 bytes.
Response Header - size: 384 bytes.
Response Body - size: 30 bytes.
URL http://npm:3000/rest/products/search?q=
Method GET
Parameter q
Attack ' | case randomblob(1000000) when not null then "" else "" end | '
Evidence The query time is controllable using parameter value [' | case randomblob(1000000) when not null then "" else "" end | '], which caused the request to take [366] milliseconds, parameter value [' | case randomblob(1000000) when not null then "" else "" end | '], which caused the request to take [366] milliseconds, when the original unmodified query with value [] took [39] milliseconds.
Request Header - size: 369 bytes.
Request Body - size: 0 bytes.
Response Header - size: 384 bytes.
Response Body - size: 30 bytes.
Instances 3
Solution
Do not trust client side input, even if there is client side validation in place.

In general, type check all data on the server side.

If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'

If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.

If database Stored Procedures can be used, use them.

Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!

Do not create dynamic SQL queries using simple string concatenation.

Escape all data received from the client.

Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.

Apply the principle of least privilege by using the least privileged database user possible.

In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.

Grant the minimum database access that is necessary for the application.
Reference https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
Tags OWASP_2021_A03
WSTG-v42-INPV-05
OWASP_2017_A01
CWE Id 89
WASC Id 19
Plugin Id 40018
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://NPM:3000
Method GET
Parameter
Attack
Evidence
Request Header - size: 216 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/
Method GET
Parameter
Attack
Evidence
Request Header - size: 315 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 139 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.git/index
Method GET
Parameter
Attack
Evidence
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 123 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 120 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/entries
Method GET
Parameter
Attack
Evidence
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/wc.db
Method GET
Parameter
Attack
Evidence
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/ftp
Method GET
Parameter
Attack
Evidence
Request Header - size: 109 bytes.
Request Body - size: 0 bytes.
Response Header - size: 338 bytes.
Response Body - size: 11,072 bytes.
URL http://NPM:3000/sitemap.xml
Method GET
Parameter
Attack
Evidence
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPf1&sid=KFEN3mY0AqgMbN1gAAAA
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJQUh&sid=WB5i95hgJysuuml_AAAC
Method POST
Parameter
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJRXQ&sid=wFy1HMCkZDFky_emAAAE
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJSdx&sid=3bmoESGQOm32o5q1AAAG
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJTp4&sid=ZArS7vr8ft4vk5snAAAI
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVa-&sid=hx1hLe_C4oNYtmcWAAAM
Method POST
Parameter
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVEl&sid=cJCQZxf2NjVC4AwjAAAK
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVrs&sid=6D9pGOzltWootN92AAAN
Method POST
Parameter
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJWMa&sid=4iJ_bokEJUrPyOpuAAAQ
Method POST
Parameter
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 22
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
http://www.w3.org/TR/CSP/
http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html
http://www.html5rocks.com/en/tutorials/security/content-security-policy/
http://caniuse.com/#feat=contentsecuritypolicy
http://content-security-policy.com/
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id 693
WASC Id 15
Plugin Id 10038
Medium
Cross-Domain Misconfiguration
Description
Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.
URL http://NPM:3000
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 216 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 315 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 139 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.git/index
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 123 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 120 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/entries
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/wc.db
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 134 bytes.
Request Body - size: 0 bytes.
Response Header - size: 456 bytes.
Response Body - size: 15,086 bytes.
URL http://npm:3000/ftp
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 109 bytes.
Request Body - size: 0 bytes.
Response Header - size: 338 bytes.
Response Body - size: 11,072 bytes.
URL http://npm:3000/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 113 bytes.
Request Body - size: 0 bytes.
Response Header - size: 483 bytes.
Response Body - size: 399,748 bytes.
URL http://npm:3000/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 481 bytes.
Response Body - size: 54,478 bytes.
URL http://npm:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 296 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
URL http://NPM:3000/robots.txt
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 378 bytes.
Response Body - size: 28 bytes.
URL http://npm:3000/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 479 bytes.
Response Body - size: 3,210 bytes.
URL http://NPM:3000/sitemap.xml
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 469 bytes.
Response Body - size: 609,583 bytes.
URL http://npm:3000/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 115 bytes.
Request Body - size: 0 bytes.
Response Header - size: 485 bytes.
Response Body - size: 1,376,624 bytes.
Instances 21
Solution
Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).

Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
Reference https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
Tags OWASP_2021_A01
OWASP_2017_A05
CWE Id 264
WASC Id 14
Plugin Id 10098
Medium
ELMAH Information Leak
Description
The Error Logging Modules and Handlers (ELMAH [elmah.axd]) HTTP Module was found to be available. This module can leak a significant amount of valuable information.
URL http://NPM:3000/elmah.axd
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Request Header - size: 115 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
Instances 1
Solution
Consider whether or not ELMAH is actually required in production, if it isn't then disable it. If it is then ensure access to it requires authentication and authorization. See also: https://elmah.github.io/a/securing-error-log-pages/
Reference https://www.troyhunt.com/aspnet-session-hijacking-with-google/
https://www.nuget.org/packages/elmah
https://elmah.github.io/
Tags OWASP_2021_A05
WSTG-v42-CONF-05
OWASP_2017_A06
CWE Id 94
WASC Id 14
Plugin Id 40028
Medium
Missing Anti-clickjacking Header
Description
The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJaYK&sid=-Fe2TpDWwr9miEQAAAAi
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJb-_&sid=TO1VZ_Ozr3erCcSBAAAq
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJb0N&sid=iqd1gXTTUS8sKsVOAAAk
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJbcS&sid=GHoV9LJMkXsB1E-4AAAn
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJbJz&sid=Uryo1HmoA9aLc5fhAAAl
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 465 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJcgV&sid=wao5P0TgA_WKSZQ7AAAs
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJciv&sid=gqMNttxKQzgo-4MqAAAt
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 465 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJczL&sid=p0PQlfDeqCNetmXyAAAu
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJd5_&sid=F126rjByJg8CrfKKAAAx
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 465 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJdbA&sid=oNqctbtJ_qL_3Sk8AAAy
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPf1&sid=KFEN3mY0AqgMbN1gAAAA
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJQUh&sid=WB5i95hgJysuuml_AAAC
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJRXQ&sid=wFy1HMCkZDFky_emAAAE
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJSdx&sid=3bmoESGQOm32o5q1AAAG
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJTp4&sid=ZArS7vr8ft4vk5snAAAI
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVa-&sid=hx1hLe_C4oNYtmcWAAAM
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVEl&sid=cJCQZxf2NjVC4AwjAAAK
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVrs&sid=6D9pGOzltWootN92AAAN
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJWMa&sid=4iJ_bokEJUrPyOpuAAAQ
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJXjE&sid=n6FO_ROwaxZT8qRnAAAW
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 465 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJXJu&sid=uQxBxr5zVpT_QO-GAAAT
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJXMm&sid=hnHmAf9E9menufqYAAAS
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJYkU&sid=K9pLhRViRmIf457BAAAa
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 465 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJYY0&sid=e9t_uLPy_3Yq3GFwAAAY
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJZ-1&sid=3LSXbXLfwQnm4ucMAAAf
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 465 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJZjT&sid=MYzRuRr_G8WhViLZAAAe
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJZQx&sid=odyOKvnNiOXFMLitAAAc
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 27
Solution
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.

If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Tags OWASP_2021_A05
WSTG-v42-CLNT-09
OWASP_2017_A06
CWE Id 1021
WASC Id 15
Plugin Id 10020
Medium
Session ID in URL Rewrite
Description
URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPf5&sid=KFEN3mY0AqgMbN1gAAAA
Method GET
Parameter sid
Attack
Evidence KFEN3mY0AqgMbN1gAAAA
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 53 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPj4&sid=KFEN3mY0AqgMbN1gAAAA
Method GET
Parameter sid
Attack
Evidence KFEN3mY0AqgMbN1gAAAA
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPm2&sid=KFEN3mY0AqgMbN1gAAAA
Method GET
Parameter sid
Attack
Evidence KFEN3mY0AqgMbN1gAAAA
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJQUj&sid=WB5i95hgJysuuml_AAAC
Method GET
Parameter sid
Attack
Evidence WB5i95hgJysuuml_AAAC
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJQWB&sid=WB5i95hgJysuuml_AAAC
Method GET
Parameter sid
Attack
Evidence WB5i95hgJysuuml_AAAC
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJRi9&sid=wFy1HMCkZDFky_emAAAE
Method GET
Parameter sid
Attack
Evidence wFy1HMCkZDFky_emAAAE
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJRXl&sid=wFy1HMCkZDFky_emAAAE
Method GET
Parameter sid
Attack
Evidence wFy1HMCkZDFky_emAAAE
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJSd-&sid=3bmoESGQOm32o5q1AAAG
Method GET
Parameter sid
Attack
Evidence 3bmoESGQOm32o5q1AAAG
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJSo7&sid=3bmoESGQOm32o5q1AAAG
Method GET
Parameter sid
Attack
Evidence 3bmoESGQOm32o5q1AAAG
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJTp8&sid=ZArS7vr8ft4vk5snAAAI
Method GET
Parameter sid
Attack
Evidence ZArS7vr8ft4vk5snAAAI
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJTyS&sid=ZArS7vr8ft4vk5snAAAI
Method GET
Parameter sid
Attack
Evidence ZArS7vr8ft4vk5snAAAI
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVb4&sid=hx1hLe_C4oNYtmcWAAAM
Method GET
Parameter sid
Attack
Evidence hx1hLe_C4oNYtmcWAAAM
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVEm&sid=cJCQZxf2NjVC4AwjAAAK
Method GET
Parameter sid
Attack
Evidence cJCQZxf2NjVC4AwjAAAK
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVV3&sid=cJCQZxf2NjVC4AwjAAAK
Method GET
Parameter sid
Attack
Evidence cJCQZxf2NjVC4AwjAAAK
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=3bmoESGQOm32o5q1AAAG
Method GET
Parameter sid
Attack
Evidence 3bmoESGQOm32o5q1AAAG
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=cJCQZxf2NjVC4AwjAAAK
Method GET
Parameter sid
Attack
Evidence cJCQZxf2NjVC4AwjAAAK
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=hx1hLe_C4oNYtmcWAAAM
Method GET
Parameter sid
Attack
Evidence hx1hLe_C4oNYtmcWAAAM
Request Header - size: 454 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=KFEN3mY0AqgMbN1gAAAA
Method GET
Parameter sid
Attack
Evidence KFEN3mY0AqgMbN1gAAAA
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=WB5i95hgJysuuml_AAAC
Method GET
Parameter sid
Attack
Evidence WB5i95hgJysuuml_AAAC
Request Header - size: 454 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=wFy1HMCkZDFky_emAAAE
Method GET
Parameter sid
Attack
Evidence wFy1HMCkZDFky_emAAAE
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=ZArS7vr8ft4vk5snAAAI
Method GET
Parameter sid
Attack
Evidence ZArS7vr8ft4vk5snAAAI
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPf1&sid=KFEN3mY0AqgMbN1gAAAA
Method POST
Parameter sid
Attack
Evidence KFEN3mY0AqgMbN1gAAAA
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJQUh&sid=WB5i95hgJysuuml_AAAC
Method POST
Parameter sid
Attack
Evidence WB5i95hgJysuuml_AAAC
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJRXQ&sid=wFy1HMCkZDFky_emAAAE
Method POST
Parameter sid
Attack
Evidence wFy1HMCkZDFky_emAAAE
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJSdx&sid=3bmoESGQOm32o5q1AAAG
Method POST
Parameter sid
Attack
Evidence 3bmoESGQOm32o5q1AAAG
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJTp4&sid=ZArS7vr8ft4vk5snAAAI
Method POST
Parameter sid
Attack
Evidence ZArS7vr8ft4vk5snAAAI
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVa-&sid=hx1hLe_C4oNYtmcWAAAM
Method POST
Parameter sid
Attack
Evidence hx1hLe_C4oNYtmcWAAAM
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVEl&sid=cJCQZxf2NjVC4AwjAAAK
Method POST
Parameter sid
Attack
Evidence cJCQZxf2NjVC4AwjAAAK
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 28
Solution
For secure content, put the session ID in a cookie. To be even more secure, consider using a combination of cookie and URL rewrite.
Reference http://seclists.org/lists/webappsec/2002/Oct-Dec/0111.html
Tags OWASP_2021_A01
WSTG-v42-SESS-04
OWASP_2017_A03
CWE Id 200
WASC Id 13
Plugin Id 3
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain.
URL http://NPM:3000
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 216 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 216 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 315 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 315 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 139 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 139 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.git/index
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.git/index
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 123 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 123 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 120 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 120 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/entries
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/entries
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/wc.db
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/wc.db
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/sitemap.xml
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/sitemap.xml
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
Instances 24
Solution
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
Tags OWASP_2021_A08
CWE Id 829
WASC Id 15
Plugin Id 10017
Low
Private IP Disclosure
Description
A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.
URL http://npm:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence 192.168.99.100:3000
Request Header - size: 296 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
Instances 1
Solution
Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comment instead of HTML/JavaScript comment which can be seen by client browsers.
Reference https://tools.ietf.org/html/rfc1918
Tags OWASP_2021_A01
OWASP_2017_A03
CWE Id 200
WASC Id 13
Plugin Id 2
Low
Timestamp Disclosure - Unix
Description
A Unix timestamp was disclosed by the application/web server.
URL http://npm:3000/main.js
Method GET
Parameter
Attack
Evidence 1734944650
Request Header - size: 113 bytes.
Request Body - size: 0 bytes.
Response Header - size: 483 bytes.
Response Body - size: 399,748 bytes.
URL http://npm:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence 1969196030
Request Header - size: 296 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
URL http://npm:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence 1970691216
Request Header - size: 296 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
URL http://npm:3000/rest/products/search?q=
Method GET
Parameter
Attack
Evidence 1969196030
Request Header - size: 283 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 12,880 bytes.
URL http://npm:3000/rest/products/search?q=
Method GET
Parameter
Attack
Evidence 1970691216
Request Header - size: 283 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 12,880 bytes.
Instances 5
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference http://projects.webappsec.org/w/page/13246936/Information%20Leakage
Tags OWASP_2021_A01
OWASP_2017_A03
CWE Id 200
WASC Id 13
Plugin Id 10096
Low
X-Content-Type-Options Header Missing
Description
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPf5&sid=KFEN3mY0AqgMbN1gAAAA
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 53 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPj4&sid=KFEN3mY0AqgMbN1gAAAA
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPm2&sid=KFEN3mY0AqgMbN1gAAAA
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPZJ
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJQPC
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 295 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJQUj&sid=WB5i95hgJysuuml_AAAC
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJQWB&sid=WB5i95hgJysuuml_AAAC
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJRi9&sid=wFy1HMCkZDFky_emAAAE
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJRIP
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJRXl&sid=wFy1HMCkZDFky_emAAAE
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJSd-&sid=3bmoESGQOm32o5q1AAAG
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJSo7&sid=3bmoESGQOm32o5q1AAAG
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJSR_
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJTe5
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJTp8&sid=ZArS7vr8ft4vk5snAAAI
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJTyS&sid=ZArS7vr8ft4vk5snAAAI
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJUrf
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVEm&sid=cJCQZxf2NjVC4AwjAAAK
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVKK
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 295 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVV3&sid=cJCQZxf2NjVC4AwjAAAK
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVVv
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 325 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJPf1&sid=KFEN3mY0AqgMbN1gAAAA
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJQUh&sid=WB5i95hgJysuuml_AAAC
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJRXQ&sid=wFy1HMCkZDFky_emAAAE
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJSdx&sid=3bmoESGQOm32o5q1AAAG
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJTp4&sid=ZArS7vr8ft4vk5snAAAI
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLJVEl&sid=cJCQZxf2NjVC4AwjAAAK
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 27
Solution
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Reference http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://owasp.org/www-community/Security_Headers
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id 693
WASC Id 15
Plugin Id 10021